Subresource Integrity (SRI) not implemented, but all external scripts are loaded securely

OWASP 2013-A5 OWASP 2017-A6 OWASP 2021-A5 OWASP 2019-API7 CWE-345 WASC-15 WSTG-INFO-05

Subresource Integrity (SRI) is a security feature that lets a developer ensure that resources hosted on third-party services such as CDNs (Content Delivery Networks) are delivered to the application without any modification. Hosting resources such as scripts and stylesheets on a CDN helps content load faster, and SRI lets the application use them safely. SRI achieves this by comparing the hash value that the application's own page declares for a resource with the hash of the resource delivered by the third-party service. If the CDN is compromised, SRI protects the application from an attacker's attempt to use the modified resource for cross-site scripting.

Example

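                <!-- The URL and hash below are placeholders -->
                <script src="https://cdn.example/library.js" integrity="sha384-PLACEHOLDER_BASE64_HASH" crossorigin="anonymous"></script>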


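The code above tells the browser to compute the hash of the file it fetched and check it against the expected hash value declared in the tag. A matching hash value proves that the content has not been changed; if the values differ, the browser refuses to load the resource.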


An attacker who gains access to a Content Delivery Network can cause huge damage to the application. If the attacker is one of the people who developed one of the CDNs used by the application, they can gain access to your system by tweaking the content served from the CDN.

Mitigation / Precaution

Beagle recommends the following fixes:

  • Make sure to implement Subresource Integrity
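A check for this finding, as an added example that is not part of the original page or of Beagle's tooling: it builds an integrity value, mimics the browser's comparison, and lists cross-origin scripts and stylesheets that lack an `integrity` attribute. The hosts (`app.example`, `cdn.example`, `static.example`), the file contents and all function names are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}  # hash algorithms SRI allows

def sri_value(content: bytes, alg: str = "sha384") -> str:
    """Build an integrity attribute value: '<alg>-<base64 digest>'."""
    return f"{alg}-{base64.b64encode(hashlib.new(alg, content).digest()).decode()}"

def browser_accepts(content: bytes, integrity: str) -> bool:
    """Mimic the browser check: only the strongest listed algorithm counts."""
    parsed = [t.split("?")[0].split("-", 1) for t in integrity.split()]
    known = [(a, d) for a, *rest in parsed if a in STRENGTH for d in rest]
    if not known:
        return True  # no usable metadata: the resource loads unchecked
    best = max(STRENGTH[a] for a, _ in known)
    return any(sri_value(content, a) == f"{a}-{d}"
               for a, d in known if STRENGTH[a] == best)

class SRIAudit(HTMLParser):
    """Collect cross-origin scripts and stylesheets with no integrity attribute."""
    def __init__(self, page_host: str):
        super().__init__()
        self.page_host, self.missing = page_host, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        is_css = tag == "link" and "stylesheet" in (a.get("rel") or "").lower()
        url = a.get("src") if tag == "script" else a.get("href") if is_css else None
        host = urlparse(url or "").netloc  # empty for same-origin relative URLs
        if host and host != self.page_host and not a.get("integrity"):
            self.missing.append(url)

def audit(html: str, page_host: str) -> list:
    parser = SRIAudit(page_host)
    parser.feed(html)
    return parser.missing

LIB = b"console.log('library v1');"  # constructed stand-in for a CDN-hosted file
PAGE = f"""
<script src="https://cdn.example/lib.js" integrity="{sri_value(LIB)}" crossorigin="anonymous"></script>
<script src="https://cdn.example/other.js"></script>
<link rel="stylesheet" href="//static.example/site.css">
<script src="/js/local.js"></script>
"""  # constructed sample page served from app.example
if __name__ == "__main__":
    print(audit(PAGE, "app.example"))
```

Run `audit` over rendered pages in CI so that a newly added third-party tag without `integrity` fails the build.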
